
port_contexts

      Split general policy into public and private components. · cc39f637
      dcashman authored
      Divide policy into public and private components.  This is the first
      step in splitting the policy creation for platform and non-platform
      policies.  The policy in the public directory will be exported for use
      in non-platform policy creation.  Backwards compatibility with it will
      be achieved by converting the exported policy into attribute-based
      policy when included as part of the non-platform policy and a mapping
      file will be maintained to be included with the platform policy that
      maps exported attributes of previous versions to the current platform
      version.
      
      Eventually we would like to create a clear interface between the
      platform and non-platform device components so that the exported policy,
      and the need for attributes is minimal.  For now, almost all types and
      avrules are left in public.
      
      Test: Tested by building policy and running on device.
      
      Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c
    dumpstate.te 3.91 KiB
    # dumpstate
    # Type enforcement rules for the dumpstate domain. Going by the rules and
    # comments in this file, the domain gathers bugreport data: logs, process
    # state, tombstones, network state and a screenshot.
    type dumpstate, domain;
    # Label carried by the dumpstate executable.
    type dumpstate_exec, exec_type, file_type;
    
    # The three macros below are defined outside this file.
    # NOTE(review): presumably init_daemon_domain sets up the transition from
    # init into this domain, net_domain grants network socket access and
    # binder_use grants use of binder IPC -- confirm against the macro
    # definitions before relying on this.
    init_daemon_domain(dumpstate)
    net_domain(dumpstate)
    binder_use(dumpstate)
    
    # Drop privileges by switching UID / GID
    allow dumpstate self:capability { setuid setgid };
    
    # Allow dumpstate to scan through /proc/pid for all processes
    # NOTE(review): the target is the domain attribute, i.e. the /proc entries
    # of every process domain rather than a selected subset.
    r_dir_file(dumpstate, domain)
    
    # Send signals to processes
    # The kill capability lifts the UID-based check on signal delivery. Which
    # domains can actually be signalled is still bounded by the process signal
    # rules in this file.
    allow dumpstate self:capability kill;
    
    # Allow executing files on system, such as:
    #   /system/bin/toolbox
    #   /system/bin/logcat
    #   /system/bin/dumpsys
    # execute_no_trans runs the binary without a domain transition, so these
    # tools run with every permission granted to dumpstate in this file.
    allow dumpstate system_file:file execute_no_trans;
    
    # Create and write into /data/anr/
    # dac_override bypasses the discretionary (owner / mode bit) file checks,
    # so for this domain the type enforcement rules are what bounds file access.
    # chown, fowner and fsetid cover changing ownership and mode of files.
    allow dumpstate self:capability { dac_override chown fowner fsetid };
    allow dumpstate anr_data_file:dir { rw_dir_perms relabelto };
    allow dumpstate anr_data_file:file create_file_perms;
    # NOTE(review): create_dir_perms plus relabelfrom applies to every directory
    # labelled system_data_file, which is wider than the /data/anr use case
    # stated above. Presumably needed to create the anr directory and relabel
    # it to anr_data_file -- confirm.
    allow dumpstate system_data_file:dir { create_dir_perms relabelfrom };
    
    # Allow reading /data/system/uiderrors.txt
    # TODO: scope this down.
    # As written, the rule grants read on every file labelled system_data_file,
    # not only uiderrors.txt.
    allow dumpstate system_data_file:file r_file_perms;
    
    # Read dmesg
    # Both the syslog capability and the syslog_read permission on the kernel
    # are granted; no other system class permission is granted here.
    allow dumpstate self:capability2 syslog;
    allow dumpstate kernel:system syslog_read;
    
    # Read /sys/fs/pstore/console-ramoops
    # Read-only access to pstorefs directories and files.
    allow dumpstate pstorefs:dir r_dir_perms;
    allow dumpstate pstorefs:file r_file_perms;
    
    # Get process attributes
    # Applies to every process domain (domain attribute).
    allow dumpstate domain:process getattr;
    
    # Signal java processes to dump their stack
    # The signal permission is not tied to one signal number. sigkill and
    # sigstop are separate permissions and are not granted by these rules.
    allow dumpstate { appdomain system_server }:process signal;
    
    # Signal native processes to dump their stack.
    # This list comes from native_processes_to_dump in dumpstate/utils.c
    # The same four domains are repeated in the debuggerd rule below and, as
    # *_exec types, in the /system/bin rule near the end of this file; a change
    # to the list has to be made in all three places.
    allow dumpstate { drmserver mediaserver sdcardd surfaceflinger }:process signal;
    # Ask debuggerd for the backtraces of these processes.
    allow dumpstate { drmserver mediaserver sdcardd surfaceflinger }:debuggerd dump_backtrace;
    
    # Execute and transition to the vdc domain
    # Unlike the system_file rule above, vdc runs in its own domain (vdc) and
    # not with the permissions of dumpstate.
    domain_auto_trans(dumpstate, vdc_exec, vdc)
    
    # Vibrate the device after we're done collecting the bugreport
    # /sys/class/timed_output/vibrator/enable
    # TODO: create a new file class, instead of allowing write access to all of /sys
    # Until that TODO is done, this rule grants write on every file labelled
    # sysfs, not only the vibrator node.
    allow dumpstate sysfs:file w_file_perms;
    
    # Other random bits of data we want to collect
    # NOTE(review): the debugfs rule covers every file labelled debugfs; no
    # narrower type is used here.
    allow dumpstate qtaguid_proc:file r_file_perms;
    allow dumpstate debugfs:file r_file_perms;
    
    # Allow dumpstate to make binder calls to any binder service
    # The targets are two attributes: binderservicedomain and appdomain.
    binder_call(dumpstate, binderservicedomain)
    binder_call(dumpstate, appdomain)
    
    # Reading /proc/PID/maps of other processes
    # Only the capability is granted here. No allow rule with the process
    # ptrace permission on another domain appears in the rules written out in
    # this file (macro expansions are not visible from here).
    allow dumpstate self:capability sys_ptrace;
    
    # Allow the bugreport service to create a file in
    # /data/data/com.android.shell/files/bugreports/bugreport
    # The rules cover all dirs and files labelled shell_data_file, not just
    # the bugreports path named above.
    allow dumpstate shell_data_file:dir create_dir_perms;
    allow dumpstate shell_data_file:file create_file_perms;
    
    # Run a shell.
    # NOTE(review): no domain transition for shell_exec is declared in this
    # file, so the shell presumably runs in the dumpstate domain -- confirm
    # against the definition of rx_file_perms.
    allow dumpstate shell_exec:file rx_file_perms;
    
    # For running am and similar framework commands.
    # Run /system/bin/app_process.
    allow dumpstate zygote_exec:file rx_file_perms;
    # Dalvik Compiler JIT.
    # These three rules let the domain execute code from ashmem, from its own
    # tmpfs files and from anonymous writable memory (execmem), i.e. they relax
    # write-xor-execute for dumpstate.
    # NOTE(review): dumpstate_tmpfs is not declared in this file; presumably it
    # comes from one of the macros invoked at the top -- confirm.
    allow dumpstate ashmem_device:chr_file execute;
    allow dumpstate dumpstate_tmpfs:file execute;
    allow dumpstate self:process execmem;
    # For art.
    allow dumpstate dalvikcache_data_file:file execute;
    
    # Dumpstate calls screencap, which grabs a screenshot. Needs gpu access
    allow dumpstate gpu_device:chr_file rw_file_perms;
    
    # logd access
    # Both macros are defined outside this file.
    # NOTE(review): control_logd presumably grants more than reading logs --
    # confirm what it expands to.
    read_logd(dumpstate)
    control_logd(dumpstate)
    
    # Read network state info files.
    # Directory access is search only; files are read-only.
    allow dumpstate net_data_file:dir search;
    allow dumpstate net_data_file:file r_file_perms;
    
    # Access /data/tombstones.
    # Read-only: no write or create permission on tombstones is granted.
    allow dumpstate tombstone_data_file:dir r_dir_perms;
    allow dumpstate tombstone_data_file:file r_file_perms;
    
    # Access /system/bin executables to determine type of executable.
    # r_file_perms only: the rule does not use an execute permission set.
    # The four types mirror the native process list in the signal and
    # debuggerd rules earlier in this file.
    allow dumpstate {drmserver_exec mediaserver_exec sdcardd_exec surfaceflinger_exec}:file r_file_perms;
    
    # service_manager_local_audit_domain is a macro defined outside this file;
    # what it expands to cannot be determined from here.
    service_manager_local_audit_domain(dumpstate)
    # auditallow grants nothing by itself: it logs find requests that some
    # other rule allows. The set is every service_manager_type minus the
    # services listed with a leading minus, so lookups of the listed services
    # are not logged by this rule and lookups of any other service are.
    # NOTE(review): presumably the listed services are the ones dumpstate is
    # expected to look up, and the audit log is meant to show what else it
    # touches -- confirm.
    auditallow dumpstate {
        service_manager_type
        -drmserver_service
        -healthd_service
        -inputflinger_service
        -keystore_service
        -mediaserver_service
        -nfc_service
        -radio_service
        -surfaceflinger_service
        -system_app_service
        -system_server_service
    }:service_manager find;